Hi everyone,
I have configured an IPsec VPN between 2 FortiGates, 80E & 60E (both FortiGates are behind an ISP router). The VPN status is up but I cannot ping the LAN network and I cannot see traffic. I configured the IPsec VPN as route-based. What kind of information should I provide for you to help with this problem? Please help me, thanks admin & everyone.
Hello,
Can you check the subnet which you added in the address object & also uncheck split tunnel.
Regards,
Sudarsan Babu P
Thanks Babu,
I have subnets at 80E: 192.168.5.0/24, 60E: 192.168.3.0/24. I also unchecked split tunnel. I have a connection diagram in the attached file.
In the log under VPN Events I see: level: notice, action: Tunnel stats, Message: IPsec tunnel statistics.
Please help me more, thanks a lot.
Link to the image of the connection diagram: https://photos.app.goo.gl/PL1PDqI8axSITZvd2
Can you check in the CLI & share the output of:
get router info routing-table all
Regards,
Sudarsan Babu P
At 60E:
FGT60E1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 192.168.1.1, wan1
C       192.168.1.0/24 is directly connected, wan1
C       192.168.3.0/24 is directly connected, internal
S       192.168.5.0/24 [10/0] is directly connected, To_HL
At 80E:
FG80E # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 192.168.1.1, wan1
C       192.168.1.0/24 is directly connected, wan1
S       192.168.3.0/24 [10/0] is directly connected, To_MCTRD
C       192.168.5.0/24 is directly connected, lan
Please see this and help me :)
Routing seems to be normal.
Did you configure the policy properly & place it at the top?
Also check these helpful commands:
From 80E
diag debug flow filter addr X.X.X.X ( 192.168.3.X )
diag debug flow show console enable
diag debug flow show function-name enable
diag debug console timestamp enable
diag debug flow trace start 999
diag debug enable
Do the same on the 60E & share.
Regards,
Sudarsan Babu P
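An offline check of the routing question discussed in this thread, as an added example that is not part of any post: it parses the route lines of `get router info routing-table all` and resolves the egress interface for a destination by longest-prefix match, with the lower distance winning between equal prefixes. The sample text is the 80E table posted above with the legend omitted; the function names are hypothetical.

```python
import ipaddress
import re

# Route lines as posted for the 80E in this thread (legend omitted).
FG80E_ROUTES = """\
S*      0.0.0.0/0 [10/0] via 192.168.1.1, wan1
C       192.168.1.0/24 is directly connected, wan1
S       192.168.3.0/24 [10/0] is directly connected, To_MCTRD
C       192.168.5.0/24 is directly connected, lan
"""

# code, optional '*', prefix, optional [distance/metric], ..., interface
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z0-9]+)\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[(?P<distance>\d+)/(?P<metric>\d+)\])?"
    r".*,\s*(?P<iface>\S+)\s*$"
)

def parse_routes(text):
    """Return one dict per route line; legend and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append({
            "code": m["code"],
            "net": ipaddress.ip_network(m["prefix"]),
            # Connected routes print no [distance/metric]; treat as 0.
            "distance": int(m["distance"]) if m["distance"] else 0,
            "iface": m["iface"],
        })
    return routes

def egress(routes, dst):
    """Interface chosen for dst: longest prefix, then lowest distance."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["distance"]))
    return best["iface"]

def remote_lan_uses_tunnel(routes, remote_lan, tunnel_iface):
    """True if the first and last host of remote_lan both leave via the tunnel."""
    net = ipaddress.ip_network(remote_lan)
    hosts = (net.network_address + 1, net.broadcast_address - 1)
    return all(egress(routes, str(h)) == tunnel_iface for h in hosts)
```

A pass here only rules out route selection; the flow trace from the post above is still what shows whether a firewall policy matches the traffic.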
When you defined the routes to the remote LANs, did you make the distance lower than your default? This needs to be in place or the traffic may wander out the default. Sniff the traffic to confirm that it is using the correct path.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
@Sudarsan Babu: I tried checking with the commands you gave me but there is no log data in the debug. I also tried debugging with the CLI command at 80E: diag debug app ike -1 and have a result in the attached file named "log debug 80E.txt". Please see this and give me advice to resolve this problem, thanks.
@rwpatterson: I have configured the distance as 5 (default: 10) but no result. Please give me advice to resolve this problem, thanks.
Did you configure the policy properly & place it at the top of the list? I think there is some problem in the policy.
Regards,
Sudarsan Babu p
Copyright 2024 Fortinet, Inc. All Rights Reserved.